Once finishing the sketch of a design for a payment system
(See last 3 blogs), I can do what I never get to do in public with a real
system. I get to publically expose its risks, and not just the boring risks wholesale
bankers discuss, namely liquidity, credit, systemic, operational, and legal,
but the vulnerability to planned attacks, and the validity of funds spent for
defense, and insurance against attacks.
An astute observer may note that the difference between
wholesale and retail payment hubs is value. Speaking from memory, retail
payment system value in 2012 was $79 Trillion, while wholesale payment value
for that year was $750 Trillion
(See http://www.frbservices.org/files/communications/pdf/research/2013_payments_study_summary.pdf and data at http://www.federalreserve.gov/paymentsystems/fedfunds_ann.htm
for actual numbers including definitions and assumptions),
Since aggregate retail payments have about 1/10th
the value as wholesale payments, the risk of loss has the same decrease in
value. Further all the boring risks wholesale payments system managers spend
fussing over do not really affect retail payment systems as much because if
you knock out one player, the boat still floats if it is a healthy, evolving
and growing system and has meaningful rules. Rules are important; but, I can
say from the bottom of my heart that there are people within the payment system
industry that know a lot more about writing rules than me, I want to attack.
Besides, it is not the rules governing the model system; I
plan to build a public access audit port to (SVGRTP) hubs. This multi-function inspection probe with
public access mitigates risks or at least allows potential partners to monitor
the real risks of partner or potential partner payment hubs, but I wanted to
take time here to attack it, not protect it.
I name the model
under investigation the Virtual Bum’s Pocket (VBP); it is the SVGRTP discussed
in the last 3 blogs. VBP hubs issue virtual currency and so a time tested
attack is to manufacture value and introduce it from an unauthorized source.
Certainly, this is a prime avenue for an attack. The currency design is the
prime defense against counterfeiting. The currency has 3 protections against
its counterfeiting, namely:
- Non-revocable doubly signed certificates
- Responds to “page”
- Insurance
The Europay MasterCard VISA (EMV) specifications
(particularly volume 2, see http://www.emvco.com/specifications.aspx?id=223
) adequately describe implementing signed certificates. Two other elements make
currency attack difficult. The currency if placed in specially designed
containers respond to a page requests. The issuer sends a request for the
currency to give its location and if it resides in an authorized container
communicating with the world at large it responds. The issuer can revoke it if
the currency does not respond by a time specified by the issuer. If the
currency issuer opted for insurance, the insurance company may imbed tracking
controls within the currency data. Those tracking controls known only to the
insurance company contain a wide array of constantly evolving defenses.
I now have the defenses in place. I will implement my attack
tomorrow. Moo ha ha.
Next Blog: In which our young hero, attacks the bum’s pocket with stone knives and bearskins
No comments:
Post a Comment